From: Sam Moelius
To: Steven Rostedt
Cc: Samuel Moelius, Masami Hiramatsu, Mathieu Desnoyers, linux-kernel@vger.kernel.org, linux-trace-kernel@vger.kernel.org
Subject: [PATCH] tracing: Reject tracefs buffer size values that overflow bytes
Date: Tue, 2 Jun 2026 18:43:34 +0000
Message-ID: <20260602184335.1554470-1-sam.moelius@trailofbits.com>

From: Samuel Moelius

`tracing_entries_write()` accepts a `buffer_size_kb` value as `unsigned long`, checks only for zero, then shifts left by 10. On 64-bit, writing `18014398509481984` KB wraps the byte count to zero and the ring buffer resize path accepts it as a tiny buffer instead of rejecting an impossible huge size.

The fix also adds the same pre-scale overflow check to `buffer_subbuf_size_write()`.

Assisted-by: Codex:gpt-5.5-cyber-preview
Signed-off-by: Samuel Moelius

--- kernel/trace/trace.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/kernel/trace/trace.c b/kernel/trace/trace.c index 6eb4d3097a4d..79da29c3d525 100644 --- a/kernel/trace/trace.c +++ b/kernel/trace/trace.c @@ -5735,7 +5735,7 @@ tracing_entries_write(struct file *filp, const char _= _user *ubuf, return ret; =20 /* must have at least 1 entry */ - if (!val) + if (!val || val > ULONG_MAX >> 10) return -EINVAL; =20 /* value is in KB */
@@ -8206,6 +8206,9 @@ buffer_subbuf_size_write(struct file *filp, const cha= r __user *ubuf, if (ret) return ret; =20 + if (!val || val > ULONG_MAX / 1024) + return -EINVAL; + val *=3D 1024; /* value passed in is in KB */ =20 pages =3D DIV_ROUND_UP(val, PAGE_SIZE); --=20 2.43.0
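
Review bot: In the tracing_entries_write() hunk, the context comment "/* must have at least 1 entry */" sits directly above the new condition and now documents only half of it; please extend it to say that the value must also survive the KB-to-bytes scaling. The same bound is spelled "ULONG_MAX >> 10" here and "ULONG_MAX / 1024" in the buffer_subbuf_size_write() hunk. Pick one form for both sites, or use check_shl_overflow() / check_mul_overflow() from <linux/overflow.h> so the check and the scaling are a single step and cannot drift apart.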
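
Review bot: In the buffer_subbuf_size_write() hunk, the new bound stops "val *= 1024" from wrapping, but the next context line, "pages = DIV_ROUND_UP(val, PAGE_SIZE)", adds PAGE_SIZE - 1 to val before dividing, so a value at or just below ULONG_MAX / 1024 still wraps there and can yield a small page count. Consider tightening the limit to "val > (ULONG_MAX - PAGE_SIZE + 1) / 1024", or rejecting against a real maximum sub-buffer size before scaling. Separately, the "!val" test is a new zero rejection for this file, while the changelog only mentions the overflow check; please state in the commit message whether zero was already rejected later in the function or whether this changes what userspace sees.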